iOS 4.x jailbreakers may get tricked by fake greenpois0n hacks

Though the Library of Congress has ruled iPhone jailbreaks as "fair use," that doesn't mean Apple can't try to prevent it. While Apple has patched iOS 4.x to stymie jailbreaks on the iPhone 4, hackers have reportedly discovered a low-level boot ROM exploit which could allow these devices to be jailbroken. However, users hoping to use the code to jailbreak these devices are instead being tricked into downloading a trojan used to steal passwords from desktop computers.

A hacker named "pod2g," who works with a group that goes by the name Chronic Development Team, announced earlier this month that he found an exploit that could effectively jailbreak an iPhone 4 "forever." The exploit, referred to as "SHAtter," takes advantage of a flaw discovered in very low-level iPhone boot ROM code. Since it is unlikely that Apple could patch the boot ROM via software, devices with the flawed boot ROM code would be impervious to jailbreak patches in future iOS updates.

A purported tool using the exploit, greenpois0n, has been circulating recently, but security researcher Costin Raiu at Kaspersky Lab says that all such tools currently in circulation are in fact trojans designed to trick users into giving up passwords. Fake jailbreaking websites have also popped up, claiming to offer jailbreaks for any iOS device running any iOS version for up to $40 a pop.

Raiu warned that there are no current jailbreaks for iOS 4.0.2 or later on the iPhone 4, though the iPhone Dev Team has released a new beta of redsn0w which can jailbreak iOS 4.1 on an iPhone 3G or second-generation iPod touch. Those older devices remain susceptible to the pwnage2 DFU exploit that was used against them on earlier iOS versions. However, using the new beta may disable carrier unlocks (made with the ultrasn0w tool) "forever."

The important caveat buried in all this is that jailbreaking probably shouldn't be undertaken by casual users, despite the availability of one-click tools like blackra1n or PwnageTool. Likewise, users who do decide to jailbreak should make every effort to stay well informed about what groups like the iPhone Dev Team or Chronic Development Team are working on. Jailbreaking by definition compromises the security of your mobile device, and it seems malicious hackers aren't afraid to exploit the desire to jailbreak for their own ends.

Does this support the argument that Apple should allow "jailbreaking" through an official tool, to keep its users safe? It wouldn't have to be on the phone, just available for the hacker types. Clearly Apple has survived with people jailbreaking already. Why endanger your users simply because you're a control freak?

Really, Apple should just give their OWN jailbreaking tool and tell the wireless companies "Sorry, but these people have the right to not have your crap on the phone!"

This assumes that once users have jail-broken their phone they're safe...they're not: They're then more open to malicious stuff. If jailbreaking were more widely available, the security through obscurity that jailbroken iPhones now enjoy would be gone. You then have a more vulnerable device, a wide user base, enter havoc...

> This assumes that once users have jail-broken their phone they're safe...they're not: They're then more open to malicious stuff. If jailbreaking were more widely available, the security through obscurity that jailbroken iPhones now enjoy would be gone. You then have a more vulnerable device, a wide user base, enter havoc...

Jailbreaking a phone does NOT make it less secure, unless YOU make it so (for example, by installing - this is not done by default, by the way - OpenSSH and not changing the default password).

> This assumes that once users have jail-broken their phone they're safe...they're not: They're then more open to malicious stuff. If jailbreaking were more widely available, the security through obscurity that jailbroken iPhones now enjoy would be gone. You then have a more vulnerable device, a wide user base, enter havoc...

> Jailbreaking a phone does NOT make it less secure, unless YOU make it so (for example, by installing - this is not done by default, by the way - OpenSSH and not changing the default password).

The problem comes when a package requires OpenSSH to be installed and it's installed without the end user knowing it. Jailbreaking is just as safe (if not more so) when it's done right. But in the hands of the average end user there is a greater chance to have the device left wide open.
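The default-password problem exscape and the reply above describe has a configuration side as well: if a package pulls in OpenSSH, the daemon accepts whatever passwords the accounts currently have, over the network. As an added example (not code from the article or from any commenter), the Python below audits an sshd_config in the standard OpenSSH format for the three directives that govern password logins and reports weak or missing values. Both sample configs are constructed for the example; the hardening it checks for complements, rather than replaces, changing the account passwords with `passwd`.

```python
"""Audit an OpenSSH sshd_config for the settings that decide whether a
password-guessing login against the daemon can succeed at all.

Constructed example: the two configs below are made up for this
demonstration and are not taken from any real device."""
import re
from typing import Dict, List

# Directives that matter most when sshd was pulled onto a device that still
# has its stock account passwords. Each set holds the values we accept.
EXPECTED = {
    "passwordauthentication": {"no"},
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
    "permitemptypasswords": {"no"},
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective global directives as lower-cased key -> value.

    Two OpenSSH rules are modelled: the FIRST occurrence of a directive wins,
    and everything after a `Match` header is conditional, so parsing of the
    global settings stops there.
    """
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def audit_sshd_config(text: str) -> List[str]:
    """Return one finding per directive that is missing or set to a weak value.

    A missing directive is reported too: it silently falls back to whatever
    default the installed OpenSSH build uses (PasswordAuthentication has
    historically defaulted to yes), which is exactly the situation described
    in the thread.
    """
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    for key, accepted in EXPECTED.items():
        if key not in cfg:
            findings.append(f"{key}: not set, falls back to the build default")
        elif cfg[key].lower() not in accepted:
            findings.append(
                f"{key}: is '{cfg[key]}', expected one of {sorted(accepted)}"
            )
    return findings


# Constructed: a stock-style config as a package might drop it in.
WEAK_CONFIG = """\
# sshd_config shipped with the package (constructed example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
"""

# Constructed: the same daemon restricted to key-based logins. Changing the
# account passwords with `passwd` is still required; this only stops sshd
# from accepting them over the network.
HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or ['no findings']}")
```

Run it directly to see the weak config produce three findings and the hardened one none; on a device you would feed it the contents of the sshd_config file the package installed. The first-occurrence and `Match` handling matter in practice, because a hardening line appended at the bottom of a config that already sets `PasswordAuthentication yes` near the top changes nothing.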

Buddy.. know what you are talking about before you make a post. That article takes 10 paragraphs to say exactly what the OP did (it discusses the very flaw the OP talked about).. Jailbreaking in itself does not make it less secure, you do by not changing the default ssh password. Now of course staying back a version or two does not always help, but 99% of the time, you are just as safe on a properly jailbroken iOS device than you are on a locked iOS device.

> Buddy.. know what you are talking about before you make a post. That article takes 10 paragraphs to say exactly what the OP did (it discusses the very flaw the OP talked about).. Jailbreaking in itself does not make it less secure, you do by not changing the default ssh password. Now of course staying back a version or two does not always help, but 99% of the time, you are just as safe on a properly jailbroken iOS device than you are on a locked iOS device.

Really? Disabling the sandboxes doesn't widen the attack surface? Neither does removing DEP? Nor disabling signed binaries? In what magical universe do you live in where these changes do not make the OS less secure?

Did you even read Charlie Miller's quotes?

"A year ago, I didn't think that jailbroken iPhones were less secure than those that weren't jailbroken," said Miller. "But I've changed my mind."

"Jailbroken iPhones don't obey the security model of the iPhone," Miller said. "The whole point [of jailbreaking] is to break the security model."

"Apple made it really hard to break into the iPhone," Miller said, citing a layered defense that includes DEP (data execution prevention). "But jailbreaking breaks all those, including DEP," he added.

> "Jailbroken iPhones don't obey the security model of the iPhone," Miller said. "The whole point [of jailbreaking] is to break the security model."

That is the point to jailbreaking. Many of the security features are the same features that limit the utility of the phone. If you're capable of safely navigating the internet on a computer you can handle a jailbroken phone. All jailbreaking does is add capability to your pocket computer.

Without breaking sandboxing I can't use Mobile Safari to download files in addition to viewing them in the browser. I can't send those same files as email attachments either. I cannot use a file manager or compression utilities to zip up a selection of files and email them as any other computer can either. I can't load software I write on my phone without paying Apple for the privilege. I can't send files via bluetooth. I can't...

After jailbreaking I can do all of that and more, including running a firewall to boost security somewhat. If you can handle using a computer safely, you can handle a jailbroken iPhone, because it's the same thing.

It's a great base OS, but until Apple gets around to adding all of the features that people want, jailbreaking has value to me and many others. Jailbreakers were multitasking, copy and pasting, spotlight searching and bluetooth keyboarding all long before Apple got around to implementing those features, sometimes years before. Apple still has yet to do anything with the huge expanse of wasted space that is the lock screen.

My phone is far more useful to me on a daily basis as a result of using jailbreak utilities. If that has no value to you, don't jailbreak. Those Safari exploits will leave you untouched I'm certain, since you're safe when you don't jailbreak.

If I could jailbreak my phone I would happily accept the risk for the added functionality. Using android for a while has opened my eyes to the things that iOS doesn't let me do... jailbreaking helps fix that so when it is done properly I'm all for it. Course it would be better if apple would just provide the necessary abilities rather than forcing hackers to do the work. Oh well.

So are these trojans getting into people's computers while they are trying to surf the web for jailbreaks? Or are they getting on the actual iPhones and stealing passwords? If it's computers, is it a PC thing or a Mac thing? Is it just me or did the article go into little detail about this?

> Does this support the argument that Apple should allow "jailbreaking" through an official tool, to keep its users safe? It wouldn't have to be on the phone, just available for the hacker types. Clearly Apple has survived with people jailbreaking already. Why endanger your users simply because you're a control freak?

> (The same sentiment goes for Android devices.)

> Disclaimer: I've owned each generation of the iPhone and jailbroken them all.

That's a pretty goofy argument. The device maker is endangering users because they aren't letting them hack the phone officially?

The *users* are endangering themselves by doing this. If they don't want to run the risk of being caught up in this, they should educate themselves and either not jailbreak, or know what's going on and not d/l Trojans. There's something to be said for personal responsibility.

> Does this support the argument that Apple should allow "jailbreaking" through an official tool, to keep its users safe? It wouldn't have to be on the phone, just available for the hacker types. Clearly Apple has survived with people jailbreaking already. Why endanger your users simply because you're a control freak?

> (The same sentiment goes for Android devices.)

> Disclaimer: I've owned each generation of the iPhone and jailbroken them all.

> That's a pretty goofy argument. The device maker is endangering users because they aren't letting them hack the phone officially?

> The *users* are endangering themselves by doing this. If they don't want to run the risk of being caught up in this, they should educate themselves and either not jailbreak, or know what's going on and not d/l Trojans. There's something to be said for personal responsibility.

Hear hear!

I'm shocked - shocked - that a hack to remove security from a device could be misused in this manner. Surely hackers are all nice people with solid ethics! This shakes my belief in them.

> Buddy.. know what you are talking about before you make a post. That article takes 10 paragraphs to say exactly what the OP did (it discusses the very flaw the OP talked about).. Jailbreaking in itself does not make it less secure, you do by not changing the default ssh password. Now of course staying back a version or two does not always help, but 99% of the time, you are just as safe on a properly jailbroken iOS device than you are on a locked iOS device.

> Really? Disabling the sandboxes doesn't widen the attack surface? Neither does removing DEP? Nor disabling signed binaries? In what magical universe do you live in where these changes do not make the OS less secure?

> Did you even read Charlie Miller's quotes?

> "A year ago, I didn't think that jailbroken iPhones were less secure than those that weren't jailbroken," said Miller. "But I've changed my mind."

> "Jailbroken iPhones don't obey the security model of the iPhone," Miller said. "The whole point [of jailbreaking] is to break the security model."

> "Apple made it really hard to break into the iPhone," Miller said, citing a layered defense that includes DEP (data execution prevention). "But jailbreaking breaks all those, including DEP," he added.

As another poster said, it says what the OP said. If you don't change the default password and don't pay attention to what you install you get your ass handed to you. It's like playing with a gun or fireworks and not knowing how to use them properly. If you don't use your head you're going to get screwed. If you do use your head, like more people should do, then things turn out just fine. The Apple security model the guy talks about is Apple's way of trying to prevent stupid people from doing stupid things. While they are doing a pretty decent job, the model isn't without its own security flaws and certainly isn't without quite a few limitations.

Just having a jailbroken iPhone doesn't inherently make it less secure, it just leaves its users the option to make stupid decisions. Every worm/trojan/virus on Android and iOS requires the users to install software. If people allow the software to install there isn't much anyone can do about it. I'm assuming this is one of the reasons why Apple went with their App Store policies, as well as several other reasons I'm sure. This is the same problem on most PCs actually. Most PCs aren't infected because of code that runs automatically, it's because people give the software permission to install and it infects their systems. Anti-virus/anti-malware programs do the best they can, but if the user has given it permission there is only so much they can do.

> Does this support the argument that Apple should allow "jailbreaking" through an official tool, to keep its users safe? It wouldn't have to be on the phone, just available for the hacker types. Clearly Apple has survived with people jailbreaking already. Why endanger your users simply because you're a control freak?

> (The same sentiment goes for Android devices.)

> Disclaimer: I've owned each generation of the iPhone and jailbroken them all.

> That's a pretty goofy argument. The device maker is endangering users because they aren't letting them hack the phone officially?

> The *users* are endangering themselves by doing this. If they don't want to run the risk of being caught up in this, they should educate themselves and either not jailbreak, or know what's going on and not d/l Trojans. There's something to be said for personal responsibility.

On the surface it might seem like a stretch, but Apple places unreasonable limitations (in many people's minds) on their products. Some number of users search for a way to get around those artificial limitations. Users are at greater risk trying to find what they want on various little-known websites. It's similar to digital marketplaces now versus P2P then. An official provider is safer, and in theory, better. As you admitted yourself, you were willing to take the risk of jailbreaking at least 4 times. Sure, it's the user's fault if they install a trojan or virus, but pragmatism says overall security for the iPhone would be improved by an Apple "jailbreak" app.

It is Apple's fault that the user had to go searching for the hack; locked down is not the natural state of a single user computer. It's not Apple's fault if the user does something stupid.

"Though the Library of Congress has ruled iPhone jailbreaks as 'fair use' ..." I wish people would stop using this phrase. It's simply NOT true at all, and it helps no one to muddy the waters through bad paraphrasing of popular "truths" that aren't actually true.

It's only fair use if the use is legal. The stats are that at *least* 40% of all jailbreakers do it for *illegal* purposes. It's not fair use in those cases, and the number of *illegal* uses for jailbreaking is going *up* not down. These are like, facts, eh?

> Does this support the argument that Apple should allow "jailbreaking" through an official tool, to keep its users safe? It wouldn't have to be on the phone, just available for the hacker types. Clearly Apple has survived with people jailbreaking already. Why endanger your users simply because you're a control freak?... )

This is faulty logic. Apple hasn't "endangered" anyone. The users are endangering themselves.

People argue that Apple shouldn't moderate or curate or get in the users way, but then when something goes wrong, you want Apple to be a Nanny and help people avoid the downside of the very "freedom" asked for in the first place? Nonsense.

> This assumes that once users have jail-broken their phone they're safe...they're not: They're then more open to malicious stuff. If jailbreaking were more widely available, the security through obscurity that jailbroken iPhones now enjoy would be gone. You then have a more vulnerable device, a wide user base, enter havoc...

> Jailbreaking a phone does NOT make it less secure, unless YOU make it so (for example, by installing - this is not done by default, by the way - OpenSSH and not changing the default password).

> "Though the Library of Congress has ruled iPhone jailbreaks as 'fair use' ..." I wish people would stop using this phrase. It's simply NOT true at all, and it helps no one to muddy the waters through bad paraphrasing of popular "truths" that aren't actually true.

> It's only fair use if the use is legal. The stats are that at *least* 40% of all jailbreakers do it for *illegal* purposes. It's not fair use in those cases, and the number of *illegal* uses for jailbreaking is going *up* not down. These are like, facts, eh?

Complete crap that's been refuted over and over. Statistics may be factual, but all facts are not accurate. There's absolutely no way to quantify what you're claiming. I for one have not used my jailbroken iPhone for anything illegal. I pay for all my apps and am well within the confines of my service provider's contract. Stop spreading this junk. The court's ruling on Jailbreaking and fair use is absolutely legit and 100% "true". What someone does after the fact is another thing. Plenty of illegal stuff can be accomplished with an un-Jailbroken iPhone as well.

> This assumes that once users have jail-broken their phone they're safe...they're not: They're then more open to malicious stuff. If jailbreaking were more widely available, the security through obscurity that jailbroken iPhones now enjoy would be gone. You then have a more vulnerable device, a wide user base, enter havoc...

> Jailbreaking a phone does NOT make it less secure, unless YOU make it so (for example, by installing - this is not done by default, by the way - OpenSSH and not changing the default password).

You're totally wrong on this, but it's likely not worth arguing with zealots about these sorts of things.

At the very least you are less secure because you are now managing your own security and while *you* might be able to do it well, the next person probably cannot.

You make no sense whatsoever. You just reworded what exscape said, after saying he was totally wrong: "Jailbreaking a phone does NOT make it less secure, unless YOU make it so" = "while *you* might be able to do it well, the next person probably cannot"

I suppose my jailbroken iOS devices are less safe. I know what that means and I accept the risks. I also work to mitigate them.

I don't expect Apple to offer up tools that make it easy to pirate software or sell in grey markets. Nor do I expect geeks to stop jailbreaking their phones for entirely other reasons, me included.

I also realize that some of the effort expended on this is because of the criminal value in pirating software or selling unlocked phones. This does not make me less interested in having root access on the computers I use, even though I benefit from neither activity.

I rooted my Android phone, too. And my Palm.

Use at your own risk. Your mileage may vary. The issue at hand, what's "safer" and "better", both seem to me to be entirely subjective.

> It is Apple's fault that the user had to go searching for the hack; locked down is not the natural state of a single user computer.

Their fault? Hmmm, while

> It's not Apple's fault if the user does something stupid.

how can they be responsible for a user doing something stupid like choosing a device that requires hacking in order to be able to do something s/he apparently is obliged to do?

If the consumer has perfect information, and still chooses a system that is deliberately limited for whatever reason, it's certainly their "fault". I don't believe you can say that Apple has no culpability by requiring users to seek potentially dubious sources to restore functionality though. It's less justified now that there's more competition for the iPhone, though many Apple fans wouldn't consider an Android phone interchangeable.

It's a very grey area, and I realize my argument is a bit precarious. I don't mind Apple having a walled garden, but I would definitely want freedom myself, preferably without having to wait on 3rd party hacks.

> So are these trojans getting into people's computers while they are trying to surf the web for jailbreaks? Or are they getting on the actual iPhones and stealing passwords? If it's computers, is it a PC thing or a Mac thing? Is it just me or did the article go into little detail about this?

It sounds like this has absolutely nothing to do with jailbreaking, or the security thereof. If you download some software from the internets, from an unknown source, it may install a Trojan instead of doing what it said it would be doing. Newsflash!!!!

You could just as easily write that Scarlett Johansson is a security risk because people searching the internet for photos of her quite likely end up on websites that install malware on their systems.

Nevertheless, I do appreciate the heads-up on the greenpois0n malware.

BTW - I don't get how Apple is supposed to improve security if they had their own jailbreak tool? Apple's security model is pretty tight, and it relies on sandboxing and signed code. You can't take that away and be as secure.

What Apple could be doing is wipe out 90% of jailbreakers by offering unlocked versions of their phones in all markets. Most people just want to unlock their phone. And they could chip away at the jailbreaking community by allowing the most popular jailbreak apps to be created using their own APIs. Blacklist, WiFi Hotspot, 3G-WiFi enable - all that is trivial stuff. They could probably remove 99% of the reasons people want to jailbreak without reducing security or losing money.

> What Apple could be doing is wipe out 90% of jailbreakers by offering unlocked versions of their phones in all markets. Most people just want to unlock their phone. And they could chip away at the jailbreaking community by allowing the most popular jailbreak apps to be created using their own APIs. Blacklist, WiFi Hotspot, 3G-WiFi enable - all that is trivial stuff. They could probably remove 99% of the reasons people want to jailbreak without reducing security or losing money.

> As another poster said, it says what the OP said. If you don't change the default password and don't pay attention to what you install you get your ass handed to you. It's like playing with a gun or fireworks and not knowing how to use them properly. If you don't use your head you're going to get screwed. If you do use your head, like more people should do, then things turn out just fine. ... ... ...

> Just having a jailbroken iPhone doesn't inherently make it less secure, it just leaves its users the option to make stupid decisions. Every worm/trojan/virus on Android and iOS requires the users to install software.

Thing is, who can you trust when every app installed through jailbreak potentially has access to root? I sincerely hope you're not doing any internet banking on your jailbroken iPhone. Or that you have any contact info in your address book that you wanted to keep safe.

Seriously, how -do- you know that the apps you install don't offhandedly send your data somewhere else without your knowing? Sure, there aren't any reports of this happening, but that doesn't mean it's not happening.